test_suite_ccm.function (31224B)
1 /* BEGIN_HEADER */ 2 #include "mbedtls/ccm.h" 3 4 /* Use the multipart interface to process the encrypted data in two parts 5 * and check that the output matches the expected output. 6 * The context must have been set up with the key. */ 7 static int check_multipart(mbedtls_ccm_context *ctx, 8 int mode, 9 const data_t *iv, 10 const data_t *add, 11 const data_t *input, 12 const data_t *expected_output, 13 const data_t *tag, 14 size_t n1, 15 size_t n1_add) 16 { 17 int ok = 0; 18 uint8_t *output = NULL; 19 size_t n2 = input->len - n1; 20 size_t n2_add = add->len - n1_add; 21 size_t olen; 22 23 /* Sanity checks on the test data */ 24 TEST_ASSERT(n1 <= input->len); 25 TEST_ASSERT(n1_add <= add->len); 26 TEST_EQUAL(input->len, expected_output->len); 27 TEST_EQUAL(0, mbedtls_ccm_starts(ctx, mode, iv->x, iv->len)); 28 TEST_EQUAL(0, mbedtls_ccm_set_lengths(ctx, add->len, input->len, tag->len)); 29 TEST_EQUAL(0, mbedtls_ccm_update_ad(ctx, add->x, n1_add)); 30 TEST_EQUAL(0, mbedtls_ccm_update_ad(ctx, add->x + n1_add, n2_add)); 31 32 /* Allocate a tight buffer for each update call. This way, if the function 33 * tries to write beyond the advertised required buffer size, this will 34 * count as an overflow for memory sanitizers and static checkers. */ 35 TEST_CALLOC(output, n1); 36 olen = 0xdeadbeef; 37 TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x, n1, output, n1, &olen)); 38 TEST_EQUAL(n1, olen); 39 TEST_MEMORY_COMPARE(output, olen, expected_output->x, n1); 40 mbedtls_free(output); 41 output = NULL; 42 43 TEST_CALLOC(output, n2); 44 olen = 0xdeadbeef; 45 TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x + n1, n2, output, n2, &olen)); 46 TEST_EQUAL(n2, olen); 47 TEST_MEMORY_COMPARE(output, olen, expected_output->x + n1, n2); 48 mbedtls_free(output); 49 output = NULL; 50 51 TEST_CALLOC(output, tag->len); 52 TEST_EQUAL(0, mbedtls_ccm_finish(ctx, output, tag->len)); 53 TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len); 54 mbedtls_free(output); 55 output = NULL; 56 57 ok = 1; 58 exit: 59 mbedtls_free(output); 60 return ok; 61 } 62 /* END_HEADER */ 63 64 /* BEGIN_DEPENDENCIES 65 * depends_on:MBEDTLS_CCM_C 66 * END_DEPENDENCIES 67 */ 68 69 /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_CCM_GCM_CAN_AES */ 70 void mbedtls_ccm_self_test() 71 { 72 BLOCK_CIPHER_PSA_INIT(); 73 TEST_ASSERT(mbedtls_ccm_self_test(1) == 0); 74 BLOCK_CIPHER_PSA_DONE(); 75 } 76 /* END_CASE */ 77 78 /* BEGIN_CASE */ 79 void mbedtls_ccm_setkey(int cipher_id, int key_size, int result) 80 { 81 mbedtls_ccm_context ctx; 82 mbedtls_ccm_init(&ctx); 83 unsigned char key[32]; 84 int ret; 85 86 BLOCK_CIPHER_PSA_INIT(); 87 88 memset(key, 0x2A, sizeof(key)); 89 TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key)); 90 91 ret = mbedtls_ccm_setkey(&ctx, cipher_id, key, key_size); 92 TEST_ASSERT(ret == result); 93 94 exit: 95 mbedtls_ccm_free(&ctx); 96 BLOCK_CIPHER_PSA_DONE(); 97 } 98 /* END_CASE */ 99 100 /* BEGIN_CASE depends_on:MBEDTLS_CCM_GCM_CAN_AES */ 101 void ccm_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res) 102 { 103 mbedtls_ccm_context ctx; 104 mbedtls_ccm_init(&ctx); 105 unsigned char key[16]; 106 unsigned char msg[10]; 107 unsigned char iv[14]; 108 unsigned char *add = NULL; 109 unsigned char out[10]; 110 unsigned char tag[18]; 111 int decrypt_ret; 112 113 BLOCK_CIPHER_PSA_INIT(); 114 115 TEST_CALLOC_OR_SKIP(add, add_len); 116 memset(key, 0, sizeof(key)); 117 memset(msg, 0, sizeof(msg)); 118 memset(iv, 0, sizeof(iv)); 119 memset(out, 0, sizeof(out)); 120 memset(tag, 0, sizeof(tag)); 121 122 TEST_ASSERT(mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, 123 key, 8 * sizeof(key)) == 0); 124 125 TEST_ASSERT(mbedtls_ccm_encrypt_and_tag(&ctx, msg_len, iv, iv_len, add, add_len, 126 msg, out, tag, tag_len) == res); 127 128 decrypt_ret = mbedtls_ccm_auth_decrypt(&ctx, msg_len, iv, iv_len, add, add_len, 129 msg, out, tag, tag_len); 130 131 if (res == 0) { 132 TEST_ASSERT(decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED); 133 } else { 134 TEST_ASSERT(decrypt_ret == res); 135 } 136 137 exit: 138 mbedtls_free(add); 139 mbedtls_ccm_free(&ctx); 140 BLOCK_CIPHER_PSA_DONE(); 141 } 142 /* END_CASE */ 143 144 /* BEGIN_CASE depends_on:MBEDTLS_CCM_GCM_CAN_AES */ 145 void ccm_star_lengths(int msg_len, int iv_len, int add_len, int tag_len, 146 int res) 147 { 148 mbedtls_ccm_context ctx; 149 mbedtls_ccm_init(&ctx); 150 unsigned char key[16]; 151 unsigned char msg[10]; 152 unsigned char iv[14]; 153 unsigned char add[10]; 154 unsigned char out[10]; 155 unsigned char tag[18]; 156 int decrypt_ret; 157 158 BLOCK_CIPHER_PSA_INIT(); 159 160 memset(key, 0, sizeof(key)); 161 memset(msg, 0, sizeof(msg)); 162 memset(iv, 0, sizeof(iv)); 163 memset(add, 0, sizeof(add)); 164 memset(out, 0, sizeof(out)); 165 memset(tag, 0, sizeof(tag)); 166 167 TEST_ASSERT(mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, 168 key, 8 * sizeof(key)) == 0); 169 170 TEST_ASSERT(mbedtls_ccm_star_encrypt_and_tag(&ctx, msg_len, iv, iv_len, 171 add, add_len, msg, out, tag, tag_len) == res); 172 173 decrypt_ret = mbedtls_ccm_star_auth_decrypt(&ctx, msg_len, iv, iv_len, add, 174 add_len, msg, out, tag, tag_len); 175 176 if (res == 0 && tag_len != 0) { 177 TEST_ASSERT(decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED); 178 } else { 179 TEST_ASSERT(decrypt_ret == res); 180 } 181 182 exit: 183 mbedtls_ccm_free(&ctx); 184 BLOCK_CIPHER_PSA_DONE(); 185 } 186 /* END_CASE */ 187 188 /* BEGIN_CASE */ 189 void mbedtls_ccm_encrypt_and_tag(int cipher_id, data_t *key, 190 data_t *msg, data_t *iv, 191 data_t *add, data_t *result) 192 { 193 mbedtls_ccm_context ctx; 194 mbedtls_ccm_init(&ctx); 195 size_t n1, n1_add; 196 uint8_t *io_msg_buf = NULL; 197 uint8_t *tag_buf = NULL; 198 const size_t expected_tag_len = result->len - msg->len; 199 const uint8_t *expected_tag = result->x + msg->len; 200 201 /* Prepare input/output message buffer */ 202 TEST_CALLOC(io_msg_buf, msg->len); 203 if (msg->len != 0) { 204 memcpy(io_msg_buf, msg->x, msg->len); 205 } 206 207 /* Prepare tag buffer */ 208 TEST_CALLOC(tag_buf, expected_tag_len); 209 210 BLOCK_CIPHER_PSA_INIT(); 211 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 212 /* Test with input == output */ 213 TEST_EQUAL(mbedtls_ccm_encrypt_and_tag(&ctx, msg->len, iv->x, iv->len, add->x, add->len, 214 io_msg_buf, io_msg_buf, tag_buf, expected_tag_len), 0); 215 216 TEST_MEMORY_COMPARE(io_msg_buf, msg->len, result->x, msg->len); 217 TEST_MEMORY_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len); 218 219 /* Prepare data_t structures for multipart testing */ 220 const data_t encrypted_expected = { .x = result->x, 221 .len = msg->len }; 222 const data_t tag_expected = { .x = (uint8_t *) expected_tag, /* cast to conform with data_t x type */ 223 .len = expected_tag_len }; 224 225 for (n1 = 0; n1 <= msg->len; n1 += 1) { 226 for (n1_add = 0; n1_add <= add->len; n1_add += 1) { 227 mbedtls_test_set_step(n1 * 10000 + n1_add); 228 if (!check_multipart(&ctx, MBEDTLS_CCM_ENCRYPT, 229 iv, add, msg, 230 &encrypted_expected, 231 &tag_expected, 232 n1, n1_add)) { 233 goto exit; 234 } 235 } 236 } 237 238 exit: 239 mbedtls_ccm_free(&ctx); 240 mbedtls_free(io_msg_buf); 241 mbedtls_free(tag_buf); 242 BLOCK_CIPHER_PSA_DONE(); 243 } 244 /* END_CASE */ 245 246 /* BEGIN_CASE */ 247 void mbedtls_ccm_star_no_tag(int cipher_id, int mode, data_t *key, 248 data_t *msg, data_t *iv, data_t *result) 249 { 250 mbedtls_ccm_context ctx; 251 mbedtls_ccm_init(&ctx); 252 uint8_t *output = NULL; 253 size_t olen; 254 255 BLOCK_CIPHER_PSA_INIT(); 256 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 257 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 258 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, 0)); 259 260 TEST_CALLOC(output, msg->len); 261 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); 262 TEST_EQUAL(result->len, olen); 263 TEST_MEMORY_COMPARE(output, olen, result->x, result->len); 264 265 TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, NULL, 0)); 266 exit: 267 mbedtls_free(output); 268 mbedtls_ccm_free(&ctx); 269 BLOCK_CIPHER_PSA_DONE(); 270 } 271 /* END_CASE */ 272 273 /* BEGIN_CASE */ 274 void mbedtls_ccm_auth_decrypt(int cipher_id, data_t *key, 275 data_t *msg, data_t *iv, 276 data_t *add, int expected_tag_len, int result, 277 data_t *expected_msg) 278 { 279 mbedtls_ccm_context ctx; 280 mbedtls_ccm_init(&ctx); 281 size_t n1, n1_add; 282 283 const size_t expected_msg_len = msg->len - expected_tag_len; 284 const uint8_t *expected_tag = msg->x + expected_msg_len; 285 286 /* Prepare input/output message buffer */ 287 uint8_t *io_msg_buf = NULL; 288 TEST_CALLOC(io_msg_buf, expected_msg_len); 289 if (expected_msg_len) { 290 memcpy(io_msg_buf, msg->x, expected_msg_len); 291 } 292 293 BLOCK_CIPHER_PSA_INIT(); 294 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 295 /* Test with input == output */ 296 TEST_EQUAL(mbedtls_ccm_auth_decrypt(&ctx, expected_msg_len, iv->x, iv->len, add->x, add->len, 297 io_msg_buf, io_msg_buf, expected_tag, expected_tag_len), 298 result); 299 300 if (result == 0) { 301 TEST_MEMORY_COMPARE(io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len); 302 303 /* Prepare data_t structures for multipart testing */ 304 const data_t encrypted = { .x = msg->x, 305 .len = expected_msg_len }; 306 307 const data_t tag_expected = { .x = (uint8_t *) expected_tag, 308 .len = expected_tag_len }; 309 310 for (n1 = 0; n1 <= expected_msg_len; n1 += 1) { 311 for (n1_add = 0; n1_add <= add->len; n1_add += 1) { 312 mbedtls_test_set_step(n1 * 10000 + n1_add); 313 if (!check_multipart(&ctx, MBEDTLS_CCM_DECRYPT, 314 iv, add, &encrypted, 315 expected_msg, 316 &tag_expected, 317 n1, n1_add)) { 318 goto exit; 319 } 320 } 321 } 322 } else { 323 size_t i; 324 325 for (i = 0; i < expected_msg_len; i++) { 326 TEST_EQUAL(io_msg_buf[i], 0); 327 } 328 } 329 330 exit: 331 mbedtls_free(io_msg_buf); 332 mbedtls_ccm_free(&ctx); 333 BLOCK_CIPHER_PSA_DONE(); 334 } 335 /* END_CASE */ 336 337 /* BEGIN_CASE */ 338 void mbedtls_ccm_star_encrypt_and_tag(int cipher_id, 339 data_t *key, data_t *msg, 340 data_t *source_address, data_t *frame_counter, 341 int sec_level, data_t *add, 342 data_t *expected_result, int output_ret) 343 { 344 unsigned char iv[13]; 345 mbedtls_ccm_context ctx; 346 mbedtls_ccm_init(&ctx); 347 size_t iv_len, expected_tag_len; 348 size_t n1, n1_add; 349 uint8_t *io_msg_buf = NULL; 350 uint8_t *tag_buf = NULL; 351 352 const uint8_t *expected_tag = expected_result->x + msg->len; 353 354 /* Calculate tag length */ 355 if (sec_level % 4 == 0) { 356 expected_tag_len = 0; 357 } else { 358 expected_tag_len = 1 << (sec_level % 4 + 1); 359 } 360 361 /* Prepare input/output message buffer */ 362 TEST_CALLOC(io_msg_buf, msg->len); 363 if (msg->len) { 364 memcpy(io_msg_buf, msg->x, msg->len); 365 } 366 367 /* Prepare tag buffer */ 368 if (expected_tag_len == 0) { 369 TEST_CALLOC(tag_buf, 16); 370 } else { 371 TEST_CALLOC(tag_buf, expected_tag_len); 372 } 373 374 /* Calculate iv */ 375 TEST_ASSERT(source_address->len == 8); 376 TEST_ASSERT(frame_counter->len == 4); 377 memcpy(iv, source_address->x, source_address->len); 378 memcpy(iv + source_address->len, frame_counter->x, frame_counter->len); 379 iv[source_address->len + frame_counter->len] = sec_level; 380 iv_len = sizeof(iv); 381 382 BLOCK_CIPHER_PSA_INIT(); 383 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, 384 key->x, key->len * 8), 0); 385 /* Test with input == output */ 386 TEST_EQUAL(mbedtls_ccm_star_encrypt_and_tag(&ctx, msg->len, iv, iv_len, 387 add->x, add->len, io_msg_buf, 388 io_msg_buf, tag_buf, expected_tag_len), output_ret); 389 390 TEST_MEMORY_COMPARE(io_msg_buf, msg->len, expected_result->x, msg->len); 391 TEST_MEMORY_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len); 392 393 if (output_ret == 0) { 394 const data_t iv_data = { .x = iv, 395 .len = iv_len }; 396 397 const data_t encrypted_expected = { .x = expected_result->x, 398 .len = msg->len }; 399 const data_t tag_expected = { .x = (uint8_t *) expected_tag, 400 .len = expected_tag_len }; 401 402 for (n1 = 0; n1 <= msg->len; n1 += 1) { 403 for (n1_add = 0; n1_add <= add->len; n1_add += 1) { 404 mbedtls_test_set_step(n1 * 10000 + n1_add); 405 if (!check_multipart(&ctx, MBEDTLS_CCM_STAR_ENCRYPT, 406 &iv_data, add, msg, 407 &encrypted_expected, 408 &tag_expected, 409 n1, n1_add)) { 410 goto exit; 411 } 412 } 413 } 414 } 415 416 exit: 417 mbedtls_ccm_free(&ctx); 418 mbedtls_free(io_msg_buf); 419 mbedtls_free(tag_buf); 420 BLOCK_CIPHER_PSA_DONE(); 421 } 422 /* END_CASE */ 423 424 /* BEGIN_CASE */ 425 void mbedtls_ccm_star_auth_decrypt(int cipher_id, 426 data_t *key, data_t *msg, 427 data_t *source_address, data_t *frame_counter, 428 int sec_level, data_t *add, 429 data_t *expected_result, int output_ret) 430 { 431 unsigned char iv[13]; 432 mbedtls_ccm_context ctx; 433 mbedtls_ccm_init(&ctx); 434 size_t iv_len, expected_tag_len; 435 size_t n1, n1_add; 436 437 /* Calculate tag length */ 438 if (sec_level % 4 == 0) { 439 expected_tag_len = 0; 440 } else { 441 expected_tag_len = 1 << (sec_level % 4 + 1); 442 } 443 444 const size_t expected_msg_len = msg->len - expected_tag_len; 445 const uint8_t *expected_tag = msg->x + expected_msg_len; 446 447 /* Prepare input/output message buffer */ 448 uint8_t *io_msg_buf = NULL; 449 TEST_CALLOC(io_msg_buf, expected_msg_len); 450 if (expected_msg_len) { 451 memcpy(io_msg_buf, msg->x, expected_msg_len); 452 } 453 454 /* Calculate iv */ 455 memset(iv, 0x00, sizeof(iv)); 456 TEST_ASSERT(source_address->len == 8); 457 TEST_ASSERT(frame_counter->len == 4); 458 memcpy(iv, source_address->x, source_address->len); 459 memcpy(iv + source_address->len, frame_counter->x, frame_counter->len); 460 iv[source_address->len + frame_counter->len] = sec_level; 461 iv_len = sizeof(iv); 462 463 BLOCK_CIPHER_PSA_INIT(); 464 TEST_ASSERT(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8) == 0); 465 /* Test with input == output */ 466 TEST_EQUAL(mbedtls_ccm_star_auth_decrypt(&ctx, expected_msg_len, iv, iv_len, 467 add->x, add->len, io_msg_buf, io_msg_buf, 468 expected_tag, expected_tag_len), output_ret); 469 470 TEST_MEMORY_COMPARE(io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len); 471 472 if (output_ret == 0) { 473 const data_t iv_data = { .x = iv, 474 .len = iv_len }; 475 476 const data_t encrypted = { .x = msg->x, 477 .len = expected_msg_len }; 478 479 const data_t tag_expected = { .x = (uint8_t *) expected_tag, 480 .len = expected_tag_len }; 481 482 for (n1 = 0; n1 <= expected_msg_len; n1 += 1) { 483 for (n1_add = 0; n1_add <= add->len; n1_add += 1) { 484 mbedtls_test_set_step(n1 * 10000 + n1_add); 485 if (!check_multipart(&ctx, MBEDTLS_CCM_STAR_DECRYPT, 486 &iv_data, add, &encrypted, 487 expected_result, 488 &tag_expected, 489 n1, n1_add)) { 490 goto exit; 491 } 492 } 493 } 494 } 495 496 exit: 497 mbedtls_ccm_free(&ctx); 498 mbedtls_free(io_msg_buf); 499 BLOCK_CIPHER_PSA_DONE(); 500 } 501 /* END_CASE */ 502 503 /* Skip auth data, provide full text */ 504 /* BEGIN_CASE */ 505 void mbedtls_ccm_skip_ad(int cipher_id, int mode, 506 data_t *key, data_t *msg, data_t *iv, 507 data_t *result, data_t *tag) 508 { 509 mbedtls_ccm_context ctx; 510 mbedtls_ccm_init(&ctx); 511 uint8_t *output = NULL; 512 size_t olen; 513 514 /* Sanity checks on the test data */ 515 TEST_EQUAL(msg->len, result->len); 516 517 BLOCK_CIPHER_PSA_INIT(); 518 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 519 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 520 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, tag->len)); 521 522 TEST_CALLOC(output, result->len); 523 olen = 0xdeadbeef; 524 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, result->len, &olen)); 525 TEST_EQUAL(result->len, olen); 526 TEST_MEMORY_COMPARE(output, olen, result->x, result->len); 527 mbedtls_free(output); 528 output = NULL; 529 530 TEST_CALLOC(output, tag->len); 531 TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len)); 532 TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len); 533 mbedtls_free(output); 534 output = NULL; 535 536 exit: 537 mbedtls_free(output); 538 mbedtls_ccm_free(&ctx); 539 BLOCK_CIPHER_PSA_DONE(); 540 } 541 /* END_CASE */ 542 543 /* Provide auth data, skip full text */ 544 /* BEGIN_CASE */ 545 void mbedtls_ccm_skip_update(int cipher_id, int mode, 546 data_t *key, data_t *iv, data_t *add, 547 data_t *tag) 548 { 549 mbedtls_ccm_context ctx; 550 mbedtls_ccm_init(&ctx); 551 uint8_t *output = NULL; 552 553 BLOCK_CIPHER_PSA_INIT(); 554 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 555 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 556 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, tag->len)); 557 558 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 559 560 TEST_CALLOC(output, tag->len); 561 TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len)); 562 TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len); 563 mbedtls_free(output); 564 output = NULL; 565 566 exit: 567 mbedtls_free(output); 568 mbedtls_ccm_free(&ctx); 569 BLOCK_CIPHER_PSA_DONE(); 570 } 571 /* END_CASE */ 572 573 /* Provide too much auth data */ 574 /* BEGIN_CASE */ 575 void mbedtls_ccm_overflow_ad(int cipher_id, int mode, 576 data_t *key, data_t *iv, 577 data_t *add) 578 { 579 mbedtls_ccm_context ctx; 580 mbedtls_ccm_init(&ctx); 581 582 /* This test can't be run with empty additional data */ 583 TEST_LE_U(1, add->len); 584 585 BLOCK_CIPHER_PSA_INIT(); 586 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 587 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 588 // use hardcoded values for msg length and tag length. They are not a part of this test 589 // subtract 1 from configured auth data length to provoke an overflow 590 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len - 1, 16, 16)); 591 592 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 593 exit: 594 mbedtls_ccm_free(&ctx); 595 BLOCK_CIPHER_PSA_DONE(); 596 } 597 /* END_CASE */ 598 599 /* Provide unexpected auth data */ 600 /* BEGIN_CASE */ 601 void mbedtls_ccm_unexpected_ad(int cipher_id, int mode, 602 data_t *key, data_t *iv, 603 data_t *add) 604 { 605 mbedtls_ccm_context ctx; 606 mbedtls_ccm_init(&ctx); 607 608 BLOCK_CIPHER_PSA_INIT(); 609 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 610 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 611 // use hardcoded values for msg length and tag length. They are not a part of this test 612 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, 16, 16)); 613 614 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 615 exit: 616 mbedtls_ccm_free(&ctx); 617 BLOCK_CIPHER_PSA_DONE(); 618 } 619 /* END_CASE */ 620 621 /* Provide unexpected plaintext/ciphertext data */ 622 /* BEGIN_CASE */ 623 void mbedtls_ccm_unexpected_text(int cipher_id, int mode, 624 data_t *key, data_t *msg, data_t *iv, 625 data_t *add) 626 { 627 mbedtls_ccm_context ctx; 628 mbedtls_ccm_init(&ctx); 629 uint8_t *output = NULL; 630 size_t olen; 631 632 BLOCK_CIPHER_PSA_INIT(); 633 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 634 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 635 // use hardcoded value for tag length. It is not a part of this test 636 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, 16)); 637 638 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 639 640 TEST_CALLOC(output, msg->len); 641 olen = 0xdeadbeef; 642 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, 643 mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); 644 exit: 645 mbedtls_free(output); 646 mbedtls_ccm_free(&ctx); 647 BLOCK_CIPHER_PSA_DONE(); 648 } 649 /* END_CASE */ 650 651 /* Provide incomplete auth data and finish */ 652 /* BEGIN_CASE */ 653 void mbedtls_ccm_incomplete_ad(int cipher_id, int mode, 654 data_t *key, data_t *iv, data_t *add) 655 { 656 mbedtls_ccm_context ctx; 657 mbedtls_ccm_init(&ctx); 658 uint8_t *output = NULL; 659 660 /* This test can't be run with empty additional data */ 661 TEST_LE_U(1, add->len); 662 663 BLOCK_CIPHER_PSA_INIT(); 664 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 665 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 666 // use hardcoded values for msg length and tag length. They are not a part of this test 667 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, 16)); 668 669 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len - 1)); 670 671 TEST_CALLOC(output, 16); 672 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16)); 673 674 exit: 675 mbedtls_free(output); 676 mbedtls_ccm_free(&ctx); 677 BLOCK_CIPHER_PSA_DONE(); 678 } 679 /* END_CASE */ 680 681 /* Provide complete auth data on first update_ad. 682 * Provide unexpected auth data on second update_ad */ 683 /* BEGIN_CASE */ 684 void mbedtls_ccm_full_ad_and_overflow(int cipher_id, int mode, 685 data_t *key, data_t *iv, 686 data_t *add) 687 { 688 mbedtls_ccm_context ctx; 689 mbedtls_ccm_init(&ctx); 690 691 BLOCK_CIPHER_PSA_INIT(); 692 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 693 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 694 // use hardcoded values for msg length and tag length. They are not a part of this test 695 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 16, 16)); 696 697 // pass full auth data 698 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 699 // pass 1 extra byte 700 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, 1)); 701 exit: 702 mbedtls_ccm_free(&ctx); 703 BLOCK_CIPHER_PSA_DONE(); 704 } 705 /* END_CASE */ 706 707 /* Provide incomplete auth data on first update_ad. 708 * Provide too much auth data on second update_ad */ 709 /* BEGIN_CASE */ 710 void mbedtls_ccm_incomplete_ad_and_overflow(int cipher_id, int mode, 711 data_t *key, data_t *iv, 712 data_t *add) 713 { 714 mbedtls_ccm_context ctx; 715 mbedtls_ccm_init(&ctx); 716 uint8_t add_second_buffer[2]; 717 718 /* This test can't be run with empty additional data */ 719 TEST_LE_U(1, add->len); 720 721 add_second_buffer[0] = add->x[add->len - 1]; 722 add_second_buffer[1] = 0xAB; // some magic value 723 724 BLOCK_CIPHER_PSA_INIT(); 725 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 726 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 727 // use hardcoded values for msg length and tag length. They are not a part of this test 728 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 16, 16)); 729 730 // pass incomplete auth data 731 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len - 1)); 732 // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte) 733 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add_second_buffer, 2)); 734 exit: 735 mbedtls_ccm_free(&ctx); 736 BLOCK_CIPHER_PSA_DONE(); 737 } 738 /* END_CASE */ 739 740 /* Provide too much plaintext/ciphertext */ 741 /* BEGIN_CASE */ 742 void mbedtls_ccm_overflow_update(int cipher_id, int mode, 743 data_t *key, data_t *msg, data_t *iv, 744 data_t *add) 745 { 746 mbedtls_ccm_context ctx; 747 mbedtls_ccm_init(&ctx); 748 uint8_t *output = NULL; 749 size_t olen; 750 751 /* This test can't be run with an empty message */ 752 TEST_LE_U(1, msg->len); 753 754 BLOCK_CIPHER_PSA_INIT(); 755 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 756 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 757 // use hardcoded value for tag length. It is a not a part of this test 758 // subtract 1 from configured msg length to provoke an overflow 759 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len - 1, 16)); 760 761 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 762 763 TEST_CALLOC(output, msg->len); 764 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \ 765 mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); 766 exit: 767 mbedtls_free(output); 768 mbedtls_ccm_free(&ctx); 769 BLOCK_CIPHER_PSA_DONE(); 770 } 771 /* END_CASE */ 772 773 /* Provide incomplete plaintext/ciphertext and finish */ 774 /* BEGIN_CASE */ 775 void mbedtls_ccm_incomplete_update(int cipher_id, int mode, 776 data_t *key, data_t *msg, data_t *iv, 777 data_t *add) 778 { 779 mbedtls_ccm_context ctx; 780 mbedtls_ccm_init(&ctx); 781 uint8_t *output = NULL; 782 size_t olen; 783 784 /* This test can't be run with an empty message */ 785 TEST_LE_U(1, msg->len); 786 787 BLOCK_CIPHER_PSA_INIT(); 788 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 789 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 790 // use hardcoded value for tag length. It is not a part of this test 791 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16)); 792 793 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 794 795 TEST_CALLOC(output, msg->len); 796 olen = 0xdeadbeef; 797 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len, &olen)); 798 mbedtls_free(output); 799 output = NULL; 800 801 TEST_CALLOC(output, 16); 802 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16)); 803 804 exit: 805 mbedtls_free(output); 806 mbedtls_ccm_free(&ctx); 807 BLOCK_CIPHER_PSA_DONE(); 808 } 809 /* END_CASE */ 810 811 /* Provide full plaintext/ciphertext of first update 812 * Provide unexpected plaintext/ciphertext on second update */ 813 /* BEGIN_CASE */ 814 void mbedtls_ccm_full_update_and_overflow(int cipher_id, int mode, 815 data_t *key, data_t *msg, data_t *iv, 816 data_t *add) 817 { 818 mbedtls_ccm_context ctx; 819 mbedtls_ccm_init(&ctx); 820 uint8_t *output = NULL; 821 size_t olen; 822 823 BLOCK_CIPHER_PSA_INIT(); 824 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 825 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 826 // use hardcoded value for tag length. It is a not a part of this test 827 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16)); 828 829 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 830 831 TEST_CALLOC(output, msg->len); 832 // pass full text 833 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); 834 // pass 1 extra byte 835 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \ 836 mbedtls_ccm_update(&ctx, msg->x, 1, output, 1, &olen)); 837 exit: 838 mbedtls_free(output); 839 mbedtls_ccm_free(&ctx); 840 BLOCK_CIPHER_PSA_DONE(); 841 } 842 /* END_CASE */ 843 844 /* Provide incomplete plaintext/ciphertext of first update 845 * Provide too much plaintext/ciphertext on second update */ 846 /* BEGIN_CASE */ 847 void mbedtls_ccm_incomplete_update_overflow(int cipher_id, int mode, 848 data_t *key, data_t *msg, data_t *iv, 849 data_t *add) 850 { 851 mbedtls_ccm_context ctx; 852 mbedtls_ccm_init(&ctx); 853 uint8_t *output = NULL; 854 size_t olen; 855 uint8_t msg_second_buffer[2]; 856 857 /* This test can't be run with an empty message */ 858 TEST_LE_U(1, msg->len); 859 860 msg_second_buffer[0] = msg->x[msg->len - 1]; 861 msg_second_buffer[1] = 0xAB; // some magic value 862 863 BLOCK_CIPHER_PSA_INIT(); 864 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 865 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 866 // use hardcoded value for tag length. It is a not a part of this test 867 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16)); 868 869 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 870 871 TEST_CALLOC(output, msg->len + 1); 872 // pass incomplete text 873 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len + 1, &olen)); 874 // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte) 875 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \ 876 mbedtls_ccm_update(&ctx, msg_second_buffer, 2, output + msg->len - 1, 2, &olen)); 877 exit: 878 mbedtls_free(output); 879 mbedtls_ccm_free(&ctx); 880 BLOCK_CIPHER_PSA_DONE(); 881 } 882 /* END_CASE */ 883 884 /* Finish without passing any auth data or plaintext/ciphertext input */ 885 /* BEGIN_CASE */ 886 void mbedtls_ccm_instant_finish(int cipher_id, int mode, 887 data_t *key, data_t *iv) 888 { 889 mbedtls_ccm_context ctx; 890 mbedtls_ccm_init(&ctx); 891 uint8_t *output = NULL; 892 893 BLOCK_CIPHER_PSA_INIT(); 894 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 895 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 896 // use hardcoded values for add length, msg length and tag length. 897 // They are not a part of this test 898 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 16, 16, 16)); 899 900 TEST_CALLOC(output, 16); 901 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16)); 902 903 exit: 904 mbedtls_free(output); 905 mbedtls_ccm_free(&ctx); 906 BLOCK_CIPHER_PSA_DONE(); 907 } 908 /* END_CASE */